CVE-2016-10045 PHPMailer Remote Code Execution Vulnerability (Zero day)

PHPMailer is a code library to send (transport) emails safely and easily via PHP code from a web server (MUA to the MSA server).

A critical vulnerability exists in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.

Affected Versions:
PHPMailer versions prior to 5.2.20

Note: CVE-2016-10045 is a bypass of the CVE-2016-1033 patch.

Successful exploitation could allow an attacker to execute arbitrary code on the targeted system.

The vendor has not confirmed the vulnerability and no patch information is available at this time.